{"id":2702,"date":"2018-05-13T01:57:21","date_gmt":"2018-05-13T01:57:21","guid":{"rendered":"http:\/\/websecuritypatterns.com\/blogs\/?page_id=2702"},"modified":"2018-11-02T11:26:46","modified_gmt":"2018-11-02T11:26:46","slug":"my-favorite-pages","status":"publish","type":"page","link":"https:\/\/websecuritypatterns.com\/blogs\/my-favorite-pages\/","title":{"rendered":"Security &#038; Cloud Audit Tools"},"content":{"rendered":"<ol>\n<li><a href=\"https:\/\/www.powerdown.io\/blog\/posts\/stories\/web-developer-security-checklist.html\">Web Developer Security Checklist<\/a> &#8211;\u00a0https:\/\/www.powerdown.io\/blog\/posts\/stories\/web-developer-security-checklist.html<\/li>\n<li><a href=\"http:\/\/sectools.org\">Top 125 Security Tools<\/a>: \u00a0http:\/\/sectools.org<\/li>\n<li><a href=\"http:\/\/www.oldergeeks.com\">Free Security Software downloads<\/a>: \u00a0http:\/\/www.oldergeeks.com<\/li>\n<li><a href=\"https:\/\/www.howtogeek.com\">How to Geek (Shortcuts\/Cheatsheets)<\/a>: https:\/\/www.howtogeek.com<\/li>\n<li><a href=\"https:\/\/www.thegeekstuff.com\">Linux 101 Hacks E-Book, How-to Cheatsheets<\/a>:\u00a0https:\/\/www.thegeekstuff.com<\/li>\n<li><a href=\"http:\/\/www.editthiscookie.com\">Edit the cookie<\/a>:\u00a0http:\/\/www.editthiscookie.com<\/li>\n<li><a href=\"https:\/\/www.ghostery.com\">Ghostery (Ad Blocker)<\/a>:\u00a0https:\/\/www.ghostery.com<\/li>\n<li><a href=\"https:\/\/noscript.net\">No Scripts (Blocks malicious scripts, plug-ins, and other Web attack code)<\/a> &#8211;\u00a0https:\/\/noscript.net<\/li>\n<li><a href=\"https:\/\/www.eff.org\/privacybadger\">EFF Privacy Badger (Blocks spying ads &amp; invisible trackers)<\/a> &#8211; https:\/\/www.eff.org\/privacybadger<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/sysinternals-suite\">SysInternals Suite<\/a>:\u00a0https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/sysinternals-suite<\/li>\n<li><a href=\"https:\/\/www.osforensics.com\">OS 
Forensics (Free)<\/a> &#8211;\u00a0https:\/\/www.osforensics.com<\/li>\n<li><a href=\"http:\/\/www.x-ways.net\/winhex\/\">WinHex Forensics &amp; Data recovery<\/a> &#8211;\u00a0http:\/\/www.x-ways.net\/winhex\/<\/li>\n<li><a href=\"https:\/\/www.sandboxie.com\">Sandboxie Isolation Technology (Programs from OS)<\/a>: https:\/\/www.sandboxie.com<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/powershell\/scripting\/setup\/starting-windows-powershell\">Windows PowerShell<\/a> &#8211;\u00a0https:\/\/docs.microsoft.com\/en-us\/powershell\/scripting\/setup\/starting-windows-powershell<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/powershell\/scripting\/core-powershell\/console\/powershell.exe-command-line-help?view=powershell-6\">Windows PowerShell help<\/a> &#8211;\u00a0https:\/\/docs.microsoft.com\/en-us\/powershell\/scripting\/core-powershell\/console\/powershell.exe-command-line-help?view=powershell-6<\/li>\n<li><a href=\"https:\/\/www.pdq.com\">PDQ Inventory<\/a> &#8211;\u00a0https:\/\/www.pdq.com<\/li>\n<li><a href=\"https:\/\/ninite.com\">Software update bots.<\/a> &#8211;\u00a0https:\/\/ninite.com<\/li>\n<li><a href=\"https:\/\/batchpatch.com\">Windows Patching<\/a> &#8211;\u00a0https:\/\/batchpatch.com<\/li>\n<li><a href=\"https:\/\/chocolatey.org\">Chocolatey\u00a0Package Manager<\/a> &#8211;\u00a0https:\/\/chocolatey.org<\/li>\n<li><a href=\"https:\/\/nmap.org\">NMAP<\/a> &#8211;\u00a0https:\/\/nmap.org<\/li>\n<li><a href=\"https:\/\/wireshark.org\">Wireshark<\/a> &#8211; https:\/\/wireshark.org<\/li>\n<li><a href=\"http:\/\/www.tcpdump.org\">TCPDump<\/a> &#8211; http:\/\/www.tcpdump.org<\/li>\n<li><a href=\"https:\/\/www.fing.io\">Home network protection and performance<\/a> &#8211;\u00a0https:\/\/www.fing.io<\/li>\n<li><a href=\"https:\/\/www.aescrypt.com\">AES Encrypt File encryption<\/a> &#8211;\u00a0https:\/\/www.aescrypt.com<\/li>\n<li><a href=\"https:\/\/tails.boum.org\">Anonymous browsing<\/a> 
&#8211;\u00a0https:\/\/tails.boum.org<\/li>\n<li><a href=\"http:\/\/www.torproject.org\">Tor Project<\/a> &#8211; http:\/\/www.torproject.org<\/li>\n<li>Anonymous \u00a0&#8211;\u00a0http:\/\/anonymouse.org<\/li>\n<li>Proxies &#8211;\u00a0http:\/\/www.econsultant.com\/proxylist\/index.html<\/li>\n<li>OWASP Zed Attack Proxy &#8211;\u00a0https:\/\/www.owasp.org\/index.php\/OWASP_Zed_Attack_Proxy_Project<\/li>\n<li><a href=\"https:\/\/portswigger.net\/burp\" target=\"_blank\" rel=\"noopener\">Portswigger Burp Suite<\/a> &#8211; https:\/\/portswigger.net\/burp<\/li>\n<li><a href=\"https:\/\/www.guardicore.com\/infectionmonkey\/\" target=\"_blank\" rel=\"noopener\">Guardicore Infection Monkey<\/a> &#8211;\u00a0https:\/\/www.guardicore.com\/infectionmonkey\/<\/li>\n<li><a href=\"https:\/\/www.metasploit.com\" target=\"_blank\" rel=\"noopener\">Metasploit<\/a> &#8211;\u00a0https:\/\/www.metasploit.com<\/li>\n<li><a href=\"https:\/\/zeltser.com\/cheat-sheets\/\" target=\"_blank\" rel=\"noopener\">Lenny&#8217;s Security Cheatsheets<\/a> &#8211;\u00a0https:\/\/zeltser.com\/cheat-sheets\/<\/li>\n<li><a href=\"https:\/\/www.malwarearchaeology.com\/cheat-sheets\/\" target=\"_blank\" rel=\"noopener\">Windows Malware Archeology &#8211; Cheatsheet<\/a> :\u00a0https:\/\/www.malwarearchaeology.com\/cheat-sheets\/<\/li>\n<li><a href=\"http:\/\/www.geocreepy.com\" target=\"_blank\" rel=\"noopener\">Geolocation services<\/a> &#8211;\u00a0http:\/\/www.geocreepy.com<\/li>\n<li><a href=\"https:\/\/www.peekyou.com\" target=\"_blank\" rel=\"noopener\">People search<\/a> &#8211;\u00a0https:\/\/www.peekyou.com<\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/mssmallbiz\/\" target=\"_blank\" rel=\"noopener\">Free Microsoft books<\/a> &#8211;\u00a0https:\/\/blogs.msdn.microsoft.com\/mssmallbiz\/<\/li>\n<li><a href=\"http:\/\/www.toolswatch.org\/2017\/02\/2016-top-security-tools-as-voted-by-toolswatch-org-readers\/\" target=\"_blank\" rel=\"noopener\">2016 Security tools<\/a> &#8211; 
\u00a0http:\/\/www.toolswatch.org\/2017\/02\/2016-top-security-tools-as-voted-by-toolswatch-org-readers\/<\/li>\n<li><a href=\"http:\/\/passwordsgenerator.net\">Password Generator<\/a> &#8211;\u00a0http:\/\/passwordsgenerator.net<\/li>\n<li><a href=\"https:\/\/www.ejbca.org\">Open Source CA<\/a> &#8211;\u00a0https:\/\/www.ejbca.org<\/li>\n<li><a href=\"https:\/\/letsencrypt.org\">Free SSL\/TLS certificates<\/a> &#8211;\u00a0https:\/\/letsencrypt.org<\/li>\n<li><a href=\"https:\/\/medium.com\/@gnowland\/deploying-lets-encrypt-on-an-amazon-linux-ami-ec2-instance-f8e2e8f4fc1f\">Deploying LetsEncrypt on AWS<\/a> &#8211;\u00a0https:\/\/medium.com\/@gnowland\/deploying-lets-encrypt-on-an-amazon-linux-ami-ec2-instance-f8e2e8f4fc1f<\/li>\n<li><a href=\"https:\/\/www.cgmartin.com\/2016\/01\/19\/securing-aws-cloudfront-with-free-ssl-certificates-from-lets-encrypt\/\">Deploying LetsEncrypt for CloudFront<\/a> &#8211;\u00a0https:\/\/www.cgmartin.com\/2016\/01\/19\/securing-aws-cloudfront-with-free-ssl-certificates-from-lets-encrypt\/<\/li>\n<li>OpenSSL Cheatsheets:\n<ul>\n<li>https:\/\/medium.freecodecamp.org\/openssl-command-cheatsheet-b441be1e8c4a<\/li>\n<li>https:\/\/gist.github.com\/davewongillies\/7050080<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/blog.g0tmi1k.com\/2011\/08\/basic-linux-privilege-escalation\/\">Linux Privilege Escalation<\/a> &#8211;\u00a0https:\/\/blog.g0tmi1k.com\/2011\/08\/basic-linux-privilege-escalation\/<\/li>\n<li><a href=\"https:\/\/www.sploitspren.com\/2018-01-26-Windows-Privilege-Escalation-Guide\/\">Windows Privilege Escalation<\/a> &#8211;\u00a0https:\/\/www.sploitspren.com\/2018-01-26-Windows-Privilege-Escalation-Guide\/<\/li>\n<li><a href=\"https:\/\/www.kitploit.com\/2018\/05\/prowler-distributed-network.html\">Prowler &#8211; Raspberry based Network Scanner<\/a> &#8211;\u00a0https:\/\/www.kitploit.com\/2018\/05\/prowler-distributed-network.html<\/li>\n<\/ol>\n<h2>Github Security Best Practices<\/h2>\n<ul>\n<li><a 
href=\"https:\/\/snyk.io\/blog\/ten-git-hub-security-best-practices\/\">Snyk Cheatsheet:<\/a>\u00a0https:\/\/snyk.io\/blog\/ten-git-hub-security-best-practices\/<\/li>\n<\/ul>\n<h1>AWS Cloud Security &amp; Auditing tools on Github &amp; Others<\/h1>\n<ul>\n<li><a href=\"https:\/\/aws.amazon.com\/quickstart\/architecture\/accelerator-cis-benchmark\/\">AWS CIS Benchmark Quickstart:<\/a>\u00a0https:\/\/aws.amazon.com\/quickstart\/architecture\/accelerator-cis-benchmark\/<\/li>\n<li><a href=\"https:\/\/github.com\/nccgroup\/Scout2\">Scout2:<\/a>\u00a0https:\/\/github.com\/nccgroup\/Scout2<\/li>\n<li><a href=\"https:\/\/github.com\/toniblyx\/prowler\">Prowler<\/a>\u00a0https:\/\/github.com\/toniblyx\/prowler<\/li>\n<li><a href=\"https:\/\/github.com\/disruptops\/resource-counter\">AWS Resource Counter (Quick Inventory Checks)<\/a>:\u00a0https:\/\/github.com\/disruptops\/resource-counter<\/li>\n<li><a href=\"https:\/\/github.com\/Netflix\/security_monkey\">Netflix Security Monkey (Track Policy and Config Changes):<\/a>\u00a0https:\/\/github.com\/Netflix\/security_monkey<\/li>\n<li><a href=\"https:\/\/github.com\/capitalone\/cloud-custodian\">CapitalOne Cloud Custodian (Policy &amp; Encryption)<\/a>:\u00a0https:\/\/github.com\/capitalone\/cloud-custodian<\/li>\n<li><a href=\"http:\/\/flaws.cloud\/\">Common Mistakes and Gotchas<\/a>:\u00a0http:\/\/flaws.cloud\/<\/li>\n<li><a href=\"https:\/\/github.com\/carnal0wnage\/weirdAAL\/wiki\">AWS Attack library<\/a>:\u00a0https:\/\/github.com\/carnal0wnage\/weirdAAL\/wiki<\/li>\n<li><a href=\"https:\/\/github.com\/awslabs\/amazon-guardduty-tester\">AWS Guard Duty Tester Template &#8211; SSH and RDP Bruteforce test, Cryptojacking:\u00a0https:\/\/github.com\/awslabs\/amazon-guardduty-tester<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/duo-labs\/cloudmapper\">AWS Cloud Network Diagram &#8211; Cloud Mapper: https:\/\/github.com\/duo-labs\/cloudmapper<\/a><\/li>\n<li><a href=\"http:\/\/cider.xyz\">Quick CIDR Maker: 
http:\/\/cidr.xyz<\/a><\/li>\n<\/ul>\n<h3>S3 Bucket Security<\/h3>\n<ul>\n<li><a href=\"https:\/\/github.com\/bear\/s3scan\">S3 Bucket Policy Report<\/a>: https:\/\/github.com\/bear\/s3scan<\/li>\n<li><a href=\"https:\/\/github.com\/sa7mon\/S3Scanner\">S3 Bucket Scanner (Find Open ones without policies)<\/a> :\u00a0https:\/\/github.com\/sa7mon\/S3Scanner<\/li>\n<\/ul>\n<h3>AWS IAM and Access Key Management<\/h3>\n<ul>\n<li><a href=\"https:\/\/github.com\/disruptops\/cred_scanner\">Access Key Credential Scanner (in Files and Jenkins):\u00a0https:\/\/github.com\/disruptops\/cred_scanner<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/te-papa\/aws-key-disabler\">AWS IAM Key <\/a>Disabler:\u00a0https:\/\/github.com\/te-papa\/aws-key-disabler<\/li>\n<li><a href=\"https:\/\/github.com\/Netflix\/repokid\">Netflix Repokid &#8211; AWS Access Advisor for Least Privileges<\/a>:\u00a0https:\/\/github.com\/Netflix\/repokid<\/li>\n<li><a href=\"https:\/\/github.com\/awslabs\/git-secrets\">Git Secret Manager (Prevents storing AWS secrets in Git):<\/a>\u00a0https:\/\/github.com\/awslabs\/git-secrets<\/li>\n<li><a href=\"https:\/\/github.com\/stuhirst\/awssecurity\/blob\/master\/arsenal.md\">Stuhirst Arsenal:\u00a0https:\/\/github.com\/stuhirst\/awssecurity\/blob\/master\/arsenal.md<\/a><\/li>\n<\/ul>\n<h2>Java Cryptography<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/Using_the_Java_Cryptographic_Extensions\">OWASP Examples of JCE<\/a>:\u00a0https:\/\/www.owasp.org\/index.php\/Using_the_Java_Cryptographic_Extensions<\/li>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/Using_the_Java_Secure_Socket_Extensions\">OWASP Examples of JSSE<\/a>:\u00a0https:\/\/www.owasp.org\/index.php\/Using_the_Java_Secure_Socket_Extensions (I wrote the code for Core Security Patterns book)<\/li>\n<\/ul>\n<h1>Post Quantum Crypto &#8211; PQCrypto, SafeCrypto Algorithms<\/h1>\n<ul>\n<li><a href=\"https:\/\/github.com\/open-quantum-safe\/openssl\">Open Quantum Safe: OQSKEM (OpenSSL 
Fork):<\/a>\u00a0https:\/\/github.com\/open-quantum-safe\/openssl<\/li>\n<li><a href=\"https:\/\/github.com\/open-quantum-safe\/liboqs\">Open Quantum Safe (liboqs):<\/a>\u00a0https:\/\/github.com\/open-quantum-safe\/liboqs<\/li>\n<li><a href=\"https:\/\/github.com\/isaracorp\/Toolkit-Samples\">ISARA PQC Testing Sample<\/a>s:\u00a0https:\/\/github.com\/isaracorp\/Toolkit-Samples<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><em>Thanks to Glenn Brunette, Ron Woerner, Stu Hirst and many friends\/contributors for sharing pointers and motivating me to put this page&#8230;.\u00a0and it keeps growing!<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web Developer Security Checklist &#8211;\u00a0https:\/\/www.powerdown.io\/blog\/posts\/stories\/web-developer-security-checklist.html Top 125 Security Tools: \u00a0http:\/\/sectools.org Free Security Software downloads: \u00a0http:\/\/www.oldergeeks.com How to Geek (Shortcuts\/Cheatsheets): https:\/\/www.howtogeek.com Linux 101 Hacks E-Book, How-to Cheatsheets:\u00a0https:\/\/www.thegeekstuff.com Edit the cookie:\u00a0http:\/\/www.editthiscookie.com Ghostery (Ad Blocker):\u00a0https:\/\/www.ghostery.com No Scripts (Blocks malicious scripts, plug-ins, and other Web attack code) &#8211;\u00a0https:\/\/noscript.net EFF Privacy Badger (Blocks spying ads &amp; invisible trackers) &#8211; https:\/\/www.eff.org\/privacybadger SysInternals Suite:\u00a0https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/sysinternals-suite OS Forensics (Free)&#8230; <a href=\"https:\/\/websecuritypatterns.com\/blogs\/my-favorite-pages\/\">Read more 
&raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-2702","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/pages\/2702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/comments?post=2702"}],"version-history":[{"count":19,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/pages\/2702\/revisions"}],"predecessor-version":[{"id":2778,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/pages\/2702\/revisions\/2778"}],"wp:attachment":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/media?parent=2702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}